NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed. The ICO said that Advanced “broke data protection law” by not fully rolling out multi-factor authentication prior to its breach, which allowed hackers to break in with stolen credentials and steal the personal information of tens of thousands of people across the United Kingdom.
Read the article: TechCrunch